
Root kit infection,Please Help Thankyou


  • This topic is locked
3 replies to this topic

#1 chaesman


Posted 27 December 2010 - 01:19 PM

Hi, I have been fighting with a rootkit or two for a few days now. Avast is blocking it, but I have been unsuccessful in being able to locate it and eradicate it. If you can help, it will be greatly appreciated. Here is the information I know so far:

Object: c:\Users\Jon\appdata\local\microsoft\...\dyteguw_co_co_cc[1].htm
infection JS:Downloader-AGA [trj]
Process c:\windows\explorer.exe

and the second

object c:\users\jon\appdata\local\microsof...\antispywaresetup[1].exe
infection win32:fakesysdef-j [trj]
process c:\windows\explorer.exe

Both these processes were blocked by Avast Home free edition.
Additionally, Ad-Aware did not locate anything and neither did Malwarebytes. I also tried SUPERAntiSpyware and it seems to find nothing also.

I have also included the log files from an initial scan of OTL in case they are needed. Please help, I am stumped at this point.

Thank you so much for your time and effort.

Also, many recommend a format for the JSDOWNLOADER, but I really just want to clean if possible, and would love recommendations on what virus and spy/malware scanners to use in the future to try and prevent this (not a fan of MSE).

OTL.txt
OTL logfile created on: 12/27/2010 12:05:36 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jon\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 114.55 Gb Free Space | 76.90% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 12:05:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe
PRC - [2010/12/14 14:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/13 07:08:58 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/12/03 03:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/03 03:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/18 10:44:16 | 009,221,024 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\devices.exe
PRC - [2010/09/22 13:19:36 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
PRC - [2010/09/22 12:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/01 18:28:00 | 000,474,272 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
PRC - [2010/09/01 18:27:50 | 000,298,144 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
PRC - [2010/09/01 18:27:48 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010/04/16 10:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/03/26 10:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/22 13:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2005/06/06 13:23:08 | 001,183,744 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/27 12:05:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 15:05:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/03 03:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/01 18:27:48 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/08/16 00:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/30 21:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/12/03 03:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 03:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/17 18:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/07/07 22:20:02 | 000,026,984 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/06/23 09:10:54 | 000,275,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/28 20:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 16:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 16:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 19:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/17 11:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/21 02:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.helpfulgardener.com/phpBB2/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 66 08 44 33 A1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2010/12/24 16:07:47 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\The Weather Channel
[2010/12/24 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/24 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/24 14:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/23 22:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/12/23 21:57:02 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\DVDFab
[2010/12/23 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\programs
[2010/12/23 21:41:22 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\New folder (2)
[2010/12/23 21:35:18 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System\vdremote.dll
[2010/12/23 21:35:18 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System\vdsvrlnk.dll
[2010/12/23 21:35:08 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\vd
[2010/12/23 18:59:08 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\CrashDumps
[2010/12/23 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\cache
[2010/12/23 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\FullTiltPoker
[2010/12/23 12:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/12/23 08:45:38 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\{B1F39D98-5ED0-4FA2-9570-1B25EAE1DB11}
[2010/12/23 08:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/12/23 08:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/12/23 08:40:33 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/12/23 08:40:32 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/12/22 18:50:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/22 18:50:44 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/22 18:50:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/21 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/21 22:19:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\dell
[2010/12/21 22:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2010/12/21 22:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\PCDr
[2010/12/21 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\kayla,carolyn,emaly, and britnany pictures
[2010/12/21 20:51:32 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\New folder
[2010/12/21 20:47:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/21 20:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluetooth
[2010/12/21 20:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2010/12/21 20:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2010/12/21 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Toshiba
[2010/12/21 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Bluetooth Folder
[2010/12/21 19:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Wireless
[2010/12/21 19:59:09 | 001,882,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010/12/21 19:59:09 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/12/21 19:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/12/21 19:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2010/12/21 11:15:53 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/12/21 11:15:53 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/12/21 11:15:53 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/21 11:15:53 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/12/21 11:15:53 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/21 11:15:53 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/12/21 11:15:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/12/21 11:15:53 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/12/21 11:15:53 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/12/21 11:15:53 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/12/21 11:15:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/12/21 11:15:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/12/21 11:15:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/21 11:15:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/12/21 11:15:53 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/12/21 11:15:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/12/21 11:15:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/21 11:15:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/21 11:15:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/21 11:15:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/21 11:15:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2010/12/21 11:15:49 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/12/21 11:15:49 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/21 11:15:49 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/21 11:15:49 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/21 11:15:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/12/21 11:15:48 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/12/21 11:15:46 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/21 11:15:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/21 11:15:46 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/21 11:15:46 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/21 11:15:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/12/21 11:15:43 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/12/21 11:15:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/12/21 11:15:39 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/21 11:15:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/21 11:15:01 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/21 11:15:01 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/21 11:15:01 | 000,804,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/21 11:15:01 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/21 11:15:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/21 11:14:20 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/21 11:14:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/21 10:54:10 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/12/21 10:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/21 10:04:46 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/21 10:04:44 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/21 10:01:14 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Sunbelt Software
[2010/12/21 10:00:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/21 10:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/12/21 10:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/21 09:59:27 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Jon\Documents\Ad-Aware90Install.exe
[2010/12/21 08:57:42 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/12/21 08:57:41 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/12/21 08:57:39 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/12/21 08:57:36 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/12/21 08:57:30 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/12/21 08:57:18 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/12/21 08:57:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/21 08:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/21 08:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/20 23:46:36 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
[2010/12/20 23:46:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 23:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/20 23:46:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 23:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 23:45:33 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jon\Documents\mbam-setup-1.50.0.0.exe
[2010/12/20 23:08:53 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\NeroVision
[2010/12/20 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\{CAAF2CB1-BEA4-43EB-8C78-48C7449FFE0F}
[2010/12/20 23:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/12/20 22:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Data
[2010/12/20 22:55:29 | 000,197,632 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll
[2010/12/20 22:54:09 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Nero
[2010/12/20 15:22:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\skypePM
[2010/12/20 15:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/20 15:21:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/20 15:21:06 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Skype
[2010/12/20 15:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/12/20 15:19:32 | 000,955,784 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Jon\Documents\SkypeSetup.exe
[2010/12/20 14:58:07 | 000,148,830 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcbthub.sys
[2010/12/20 14:58:07 | 000,116,021 | ---- | C] (Broadcom) -- C:\Windows\System32\drivers\fw203x.sys
[2010/12/20 14:58:07 | 000,082,148 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\VcommMgr.sys
[2010/12/20 14:58:07 | 000,061,312 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\VComm.sys
[2010/12/20 14:58:07 | 000,020,480 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\blueletaudio.sys
[2010/12/20 14:58:07 | 000,011,736 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\VHIDMini.sys
[2010/12/20 14:58:07 | 000,010,804 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\BtNetDrv.sys
[2010/12/20 14:58:06 | 000,049,152 | ---- | C] (IVT Corporation) -- C:\Windows\System32\btfunc.dll
[2010/12/20 14:58:06 | 000,007,680 | ---- | C] (IVT Corporation) -- C:\Windows\System32\btinstall.dll
[2010/12/20 14:47:22 | 000,196,608 | ---- | C] (RICOH) -- C:\Windows\System32\RiSDIcon.dll
[2010/12/20 14:47:22 | 000,188,416 | ---- | C] (RICOH) -- C:\Windows\System32\RiMMCIcon.dll
[2010/12/20 14:47:22 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2010/12/20 14:47:22 | 000,049,152 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdpe86.sys
[2010/12/20 14:47:22 | 000,047,104 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimspe86.sys
[2010/12/20 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/12/20 14:45:54 | 001,724,416 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\CX32QP17.dll
[2010/12/20 14:45:54 | 000,507,392 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MCAPO32.dll
[2010/12/20 14:45:54 | 000,467,968 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys
[2010/12/20 14:45:54 | 000,258,048 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32A41.dll
[2010/12/20 14:45:54 | 000,061,952 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MCWrp32.dll
[2010/12/20 14:43:15 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Dell WebCam Central
[2010/12/20 14:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/12/20 14:43:14 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Creative
[2010/12/20 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2010/12/20 14:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/12/20 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\InstallShield
[2010/12/20 14:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/12/20 14:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Webcam
[2010/12/20 14:35:04 | 000,143,968 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CtClsFlt.sys
[2010/12/20 14:35:03 | 000,134,144 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CtAudDrv.sys
[2010/12/20 14:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2010/12/20 14:09:28 | 000,000,000 | ---D | C] -- C:\dell
[2010/12/20 14:05:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ivtMobCache
[2010/12/20 12:36:19 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Bluetooth
[2010/12/20 12:30:12 | 000,086,016 | R--- | C] (Socket Communications Inc.) -- C:\Windows\System32\drivers\SCBaud.w9x
[2010/12/20 12:30:12 | 000,077,824 | R--- | C] (Socket Communications Inc.) -- C:\Windows\System32\drivers\SioUi2k.dll
[2010/12/20 12:30:12 | 000,073,728 | R--- | C] (Socket Communications Inc.) -- C:\Windows\System32\drivers\SCBaud.cpl
[2010/12/20 12:30:12 | 000,063,488 | R--- | C] (National Semiconductor Sweden AB) -- C:\Windows\System32\drivers\wssbtr1f.sys
[2010/12/20 12:30:12 | 000,048,556 | R--- | C] (Socket Communications, Inc. ) -- C:\Windows\System32\drivers\SktBt2k.sys
[2010/12/20 12:30:12 | 000,048,076 | R--- | C] (Socket Communications, Inc. ) -- C:\Windows\System32\drivers\Sio9502k.sys
[2010/12/20 12:30:12 | 000,040,960 | R--- | C] (Socket Communications Inc.) -- C:\Windows\System32\drivers\SCTray.exe
[2010/12/20 12:30:11 | 000,051,169 | R--- | C] (OEM) -- C:\Windows\System32\drivers\OXSER.SYS
[2010/12/20 12:30:00 | 000,028,271 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\BTHidMgr.sys
[2010/12/20 12:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/12/20 12:09:09 | 000,023,000 | ---- | C] (IVT Corporation) -- C:\Windows\System32\drivers\btcusb.sys
[2010/12/20 12:02:35 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\My Drivers
[2010/12/20 12:02:35 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Innovative Solutions
[2010/12/20 12:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/12/20 12:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/12/20 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Nero_AG
[2010/12/20 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\ElevatedDiagnostics
[2010/12/20 11:39:52 | 003,673,544 | ---- | C] (Broadcom Corporation.) -- C:\Users\Jon\Documents\SetupBtwDownloadSE.exe
[2010/12/20 09:48:10 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/20 09:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Game Copy Pro
[2010/12/19 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/12/18 15:31:15 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Nero
[2010/12/18 15:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/12/18 15:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/12/18 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/12/18 15:17:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/12/18 15:16:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/12/18 15:16:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/12/18 15:16:08 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/12/18 15:15:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/12/18 15:15:20 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/12/18 15:09:16 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Nero Multimedia Suite 10.0.13100 + key crack TESTED
[2010/12/18 14:52:57 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\WinRAR
[2010/12/18 14:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/12/18 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\{92FCFF51-3628-42AD-A334-286FB626542A}
[2010/12/18 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\{5DE68B7B-2DD3-4ED4-BE1B-596CFE601862}
[2010/12/18 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Windows Live Writer
[2010/12/18 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Windows Live Writer
[2010/12/18 14:04:52 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Python-Eggs
[2010/12/18 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\BitLord
[2010/12/18 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\BitLord
[2010/12/18 13:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 1.2
[2010/12/16 16:02:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/16 16:01:52 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/16 16:01:52 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/16 16:01:52 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/16 16:01:52 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/16 16:01:51 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/16 16:01:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/16 16:01:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/16 16:01:47 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/16 16:01:37 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 20:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010/12/13 15:21:00 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/12/13 15:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/13 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/12/13 12:37:22 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/12/13 12:37:22 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/12/13 12:37:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/12/13 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/12/13 12:32:28 | 000,000,000 | ---D | C] -- C:\Intel
[2010/12/13 12:27:52 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/12/13 12:27:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/13 12:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/12/13 12:25:20 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/12/13 12:25:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/12/13 12:25:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/12/13 12:25:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/12/13 12:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/12/13 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Xavior
[2010/12/13 11:37:50 | 000,365,237 | ---- | C] (Soysal Software) -- C:\Users\Jon\Desktop\XaviorBeta7.exe
[2010/12/13 10:38:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Windows Live
[2010/12/13 10:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/12/13 10:38:20 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/12/13 10:38:20 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/12/13 10:38:19 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/12/13 10:38:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/12/13 10:37:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/12/13 10:37:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/12/13 10:37:07 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/12/13 10:37:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/12/13 10:37:03 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/12/13 10:37:03 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/12/13 10:37:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/12/13 10:37:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/12/13 10:37:01 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/12/13 10:37:00 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/12/13 10:37:00 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/12/13 10:36:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/12/13 10:36:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/12/13 10:36:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/12/13 10:36:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/12/13 10:36:37 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/12/13 10:36:37 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/12/13 10:36:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/12/13 10:36:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/12/13 10:36:19 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/12/13 10:36:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/12/13 10:36:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/12/13 10:36:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/12/13 10:36:14 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/12/13 10:36:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/12/13 10:36:12 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/12/13 10:34:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/13 10:33:39 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/12/13 10:33:39 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/12/13 10:33:38 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/12/13 10:33:38 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/12/13 10:33:38 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/12/13 10:33:38 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/12/13 10:33:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/12/13 10:33:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/12/13 10:33:36 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/12/13 10:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/12/13 10:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/12/13 10:24:44 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/12/13 10:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/13 10:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/12/13 10:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/12/13 10:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/12/13 10:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/12/13 10:22:54 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft Help
[2010/12/13 10:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/12/13 10:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/12/13 10:22:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/12/13 09:33:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jon\AppData\Roaming\pcouffin.sys
[2010/12/13 09:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Vso
[2010/12/13 09:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\PcSetup
[2010/12/13 09:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/13 09:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/12/13 09:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/12/13 09:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/13 09:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Adobe
[2010/12/13 07:09:01 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Macromedia
[2010/12/13 07:09:01 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Adobe
[2010/12/13 07:08:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/12/13 03:34:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/12/13 03:34:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/12/13 03:33:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/12/13 03:33:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\oem
[2010/12/13 02:00:52 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/12/13 01:56:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/12/13 01:52:05 | 000,000,000 | R--D | C] -- C:\Users\Jon\Searches
[2010/12/13 01:52:05 | 000,000,000 | -H-D | C] -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/12/13 01:51:56 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Identities
[2010/12/13 01:51:54 | 000,000,000 | R--D | C] -- C:\Users\Jon\Contacts
[2010/12/13 01:51:50 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\VirtualStore
[2010/12/13 01:51:49 | 000,000,000 | --SD | C] -- C:\Users\Jon\AppData\Roaming\Microsoft
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Videos
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Saved Games
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Pictures
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Music
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Links
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Favorites
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Downloads
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\My Documents
[2010/12/13 01:51:49 | 000,000,000 | R--D | C] -- C:\Users\Jon\Desktop
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\Temporary Internet Files
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Templates
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Start Menu
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\SendTo
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Recent
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\PrintHood
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\NetHood
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Videos
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Pictures
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Music
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\My Documents
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Local Settings
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\History
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Cookies
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Application Data
[2010/12/13 01:51:49 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\Application Data
[2010/12/13 01:51:49 | 000,000,000 | -H-D | C] -- C:\Users\Jon\AppData
[2010/12/13 01:51:49 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Temp
[2010/12/13 01:51:49 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft
[2010/12/13 01:51:49 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Media Center Programs
[2010/12/13 01:51:36 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/12/13 01:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010/12/27 11:29:08 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 11:29:08 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 11:22:56 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/27 11:22:18 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2010/12/27 11:21:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 11:21:49 | 2790,543,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 00:50:08 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 00:50:08 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/26 21:00:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/24 16:08:08 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/12/24 14:11:01 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/23 22:08:12 | 000,000,981 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/12/23 22:08:12 | 000,000,957 | ---- | M] () -- C:\Users\Jon\Desktop\DVDFab 8.lnk
[2010/12/23 22:07:22 | 000,000,218 | ---- | M] () -- C:\Users\Jon\.recently-used.xbel
[2010/12/23 22:04:30 | 000,087,608 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\inst.exe
[2010/12/23 22:04:30 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Jon\AppData\Roaming\pcouffin.sys
[2010/12/23 22:04:30 | 000,007,887 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\pcouffin.cat
[2010/12/23 22:04:30 | 000,001,144 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\pcouffin.inf
[2010/12/23 21:39:18 | 129,245,554 | ---- | M] () -- C:\Users\Jon\Desktop\gardenscale.avi
[2010/12/23 12:27:15 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/12/23 08:37:17 | 000,022,883 | ---- | M] () -- C:\Users\Jon\Desktop\AutoIDCard.pdf
[2010/12/22 18:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/21 22:51:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/21 20:47:24 | 270,530,957 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/21 20:22:27 | 000,001,868 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk
[2010/12/21 20:22:27 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\BlueSoleil.lnk
[2010/12/21 20:00:28 | 000,246,804 | ---- | M] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2010/12/21 11:18:59 | 000,001,411 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/21 10:54:18 | 000,000,134 | ---- | M] () -- C:\Users\Jon\Desktop\Internet Explorer Troubleshooting.url
[2010/12/21 10:04:44 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/21 10:00:52 | 000,001,124 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/21 10:00:52 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/21 09:59:37 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Jon\Documents\Ad-Aware90Install.exe
[2010/12/21 08:57:43 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/21 08:57:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/21 08:56:36 | 051,515,288 | ---- | M] () -- C:\Users\Jon\Documents\setup_av_free.exe
[2010/12/20 23:46:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 23:46:02 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jon\Documents\mbam-setup-1.50.0.0.exe
[2010/12/20 23:04:21 | 000,628,277 | ---- | M] () -- C:\Users\Jon\Documents\Xvid-1.2.2-07062009.zip
[2010/12/20 22:55:29 | 000,197,632 | ---- | M] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll
[2010/12/20 15:22:19 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/12/20 15:21:10 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/20 15:19:46 | 000,955,784 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Jon\Documents\SkypeSetup.exe
[2010/12/20 14:37:25 | 000,000,075 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2010/12/20 14:18:50 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010/12/20 13:24:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2010/12/20 12:02:33 | 000,001,088 | ---- | M] () -- C:\Users\Jon\Desktop\DriverMax.lnk
[2010/12/20 11:43:40 | 125,752,797 | ---- | M] () -- C:\Users\Jon\Documents\UT_USB_BT21_5503200.zip
[2010/12/20 11:40:10 | 003,673,544 | ---- | M] (Broadcom Corporation.) -- C:\Users\Jon\Documents\SetupBtwDownloadSE.exe
[2010/12/20 09:48:10 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Launch GameCopyPro2.73.exe.lnk
[2010/12/18 20:21:25 | 000,013,028 | ---- | M] () -- C:\Users\Jon\Documents\If our Door is Closed.docx
[2010/12/18 15:28:45 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/12/18 15:27:49 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/12/18 15:26:44 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/12/18 15:24:59 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/12/18 15:24:30 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/12/18 13:56:49 | 000,001,993 | ---- | M] () -- C:\Users\Jon\Desktop\BitLord.lnk
[2010/12/18 13:51:58 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 20:21:42 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2010/12/14 20:20:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/12/13 15:19:29 | 000,000,020 | ---- | M] () -- C:\Windows\LõÓ
[2010/12/13 12:24:13 | 000,013,979 | ---- | M] () -- C:\Users\Jon\Documents\Sanchez Concrete.docx
[2010/12/13 11:37:58 | 000,365,237 | ---- | M] (Soysal Software) -- C:\Users\Jon\Desktop\XaviorBeta7.exe
[2010/12/13 09:24:43 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/13 03:37:20 | 000,039,252 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/12/03 03:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/03 03:05:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/24 17:22:12 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/24 16:08:08 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/12/24 14:11:01 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/23 22:08:12 | 000,000,981 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/12/23 22:08:12 | 000,000,957 | ---- | C] () -- C:\Users\Jon\Desktop\DVDFab 8.lnk
[2010/12/23 22:07:22 | 000,000,218 | ---- | C] () -- C:\Users\Jon\.recently-used.xbel
[2010/12/23 21:40:45 | 129,245,554 | ---- | C] () -- C:\Users\Jon\Desktop\gardenscale.avi
[2010/12/23 21:02:16 | 437,378,536 | ---- | C] () -- C:\Users\Jon\Desktop\SDC10196.AVI
[2010/12/23 12:27:15 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2010/12/23 08:37:17 | 000,022,883 | ---- | C] () -- C:\Users\Jon\Desktop\AutoIDCard.pdf
[2010/12/22 18:38:49 | 001,747,888 | ---- | C] () -- C:\Users\Jon\Desktop\SDC10165.JPG
[2010/12/22 18:38:49 | 001,713,719 | ---- | C] () -- C:\Users\Jon\Desktop\SDC10167.JPG
[2010/12/21 22:51:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/21 22:21:46 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/21 22:21:45 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/21 20:47:24 | 270,530,957 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/21 20:22:27 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BlueSoleil.lnk
[2010/12/21 20:22:27 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\BlueSoleil.lnk
[2010/12/21 20:02:27 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2010/12/21 19:59:09 | 000,013,243 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010/12/21 19:59:09 | 000,007,996 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010/12/21 11:15:46 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/21 11:07:19 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/12/21 10:54:18 | 000,000,134 | ---- | C] () -- C:\Users\Jon\Desktop\Internet Explorer Troubleshooting.url
[2010/12/21 10:00:52 | 000,001,124 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/21 10:00:52 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/21 08:57:43 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/21 08:56:23 | 051,515,288 | ---- | C] () -- C:\Users\Jon\Documents\setup_av_free.exe
[2010/12/20 23:46:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 23:04:46 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/20 23:04:46 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/20 23:04:46 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010/12/20 23:04:13 | 000,628,277 | ---- | C] () -- C:\Users\Jon\Documents\Xvid-1.2.2-07062009.zip
[2010/12/20 15:22:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/20 15:21:10 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/20 14:58:07 | 000,013,304 | ---- | C] () -- C:\Windows\System32\drivers\BTNetFilter.sys
[2010/12/20 14:37:25 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/12/20 14:36:08 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.bmp
[2010/12/20 14:36:08 | 000,024,995 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.jpg
[2010/12/20 13:24:11 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2010/12/20 13:24:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2010/12/20 12:30:12 | 000,016,486 | R--- | C] () -- C:\Windows\System32\drivers\sktsio9x.vxd
[2010/12/20 12:30:12 | 000,014,380 | R--- | C] () -- C:\Windows\System32\drivers\OXSER.VXD
[2010/12/20 12:30:12 | 000,005,787 | R--- | C] () -- C:\Windows\System32\drivers\SCTB.VXD
[2010/12/20 12:30:12 | 000,000,208 | R--- | C] () -- C:\Windows\System32\drivers\vssver.scc
[2010/12/20 12:30:00 | 000,011,860 | ---- | C] () -- C:\Windows\System32\drivers\VBTEnum.sys
[2010/12/20 12:02:33 | 000,001,088 | ---- | C] () -- C:\Users\Jon\Desktop\DriverMax.lnk
[2010/12/20 11:43:40 | 125,752,797 | ---- | C] () -- C:\Users\Jon\Documents\UT_USB_BT21_5503200.zip
[2010/12/20 09:48:10 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Launch GameCopyPro2.73.exe.lnk
[2010/12/18 20:21:23 | 000,013,028 | ---- | C] () -- C:\Users\Jon\Documents\If our Door is Closed.docx
[2010/12/18 15:28:45 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/12/18 15:27:49 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/12/18 15:26:44 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/12/18 15:24:59 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/12/18 15:24:30 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/12/18 14:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\bitlord_log.txt
[2010/12/18 13:56:49 | 000,001,993 | ---- | C] () -- C:\Users\Jon\Desktop\BitLord.lnk
[2010/12/14 20:21:42 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2010/12/14 20:20:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/12/13 15:19:28 | 000,000,020 | ---- | C] () -- C:\Windows\LõÓ
[2010/12/13 12:24:12 | 000,013,979 | ---- | C] () -- C:\Users\Jon\Documents\Sanchez Concrete.docx
[2010/12/13 09:34:10 | 000,000,033 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\pcouffin.log
[2010/12/13 09:33:51 | 000,087,608 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\inst.exe
[2010/12/13 09:33:51 | 000,007,887 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\pcouffin.cat
[2010/12/13 09:33:51 | 000,001,144 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\pcouffin.inf
[2010/12/13 09:24:43 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/13 03:34:10 | 2790,543,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/13 03:33:20 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2010/12/13 01:54:51 | 000,001,411 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/13 01:51:49 | 000,000,290 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/12/13 01:51:49 | 000,000,272 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >

OTL EXTRAS.TXT
OTL Extras logfile created on: 12/27/2010 12:05:36 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jon\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 114.55 Gb Free Space | 76.90% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{30368B72-4D78-498E-8AE1-7389C51BD57B}" = GameCopyPro273_1
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast5" = avast! Free Antivirus
"BitLord" = BitLord 1.2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"DMX5_is1" = DriverMax 5
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"Xavior" = Xavior
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2010 12:42:16 AM | Computer Name = Jon-PC | Source = PC-Doctor | ID = 1
Description = (800) Asapi: (22:42:16:2160)(800) libDiskScanner - Error -- 328 Sparce
file \\?\C:\Users\Jon\Documents\BitLord\nero\Nero Multimedia Suite 10.0.13100 +
key crack TESTED.rar

Error - 12/22/2010 2:33:22 AM | Computer Name = Jon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/22/2010 2:33:22 AM | Computer Name = Jon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/23/2010 10:39:56 AM | Computer Name = Jon-PC | Source = VSS | ID = 8194
Description =

Error - 12/23/2010 3:16:01 PM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program FullTiltPoker.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 358 Start
Time: 01cba2cf09238760 Termination Time: 16 Application Path: C:\Program Files\Full
Tilt Poker\FullTiltPoker.exe Report Id: 0cd229b5-0ec9-11e0-9cfa-00030d000001

Error - 12/23/2010 8:58:50 PM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.7930.16406,
time stamp: 0x4c7e0414 Faulting module name: Flash10l.ocx, version: 10.1.102.64,
time stamp: 0x4cc0fef8 Exception code: 0xc0000005 Fault offset: 0x000ca6f3 Faulting
process id: 0xce8 Faulting application start time: 0x01cba2fbbdb77c92 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10l.ocx
Report
Id: f7de8a20-0ef8-11e0-af3e-00030d000001

Error - 12/24/2010 1:22:00 PM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f7c Start
Time: 01cba38ed5edfa2c Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 12/25/2010 10:30:48 PM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program FullTiltPoker.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c6c Start
Time: 01cba490a7dd4434 Termination Time: 15 Application Path: C:\Program Files\Full
Tilt Poker\FullTiltPoker.exe Report Id: 23497fef-1098-11e0-aeab-00030d000001

Error - 12/27/2010 1:45:10 AM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program FullTiltPoker.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c34 Start
Time: 01cba574a62be3ac Termination Time: 1638 Application Path: C:\Program Files\Full
Tilt Poker\FullTiltPoker.exe Report Id: 717fd7e5-117c-11e0-9726-00030d000001

Error - 12/27/2010 2:02:29 AM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program FullTiltPoker.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1280 Start
Time: 01cba5893a6639e6 Termination Time: 62 Application Path: C:\Program Files\Full
Tilt Poker\FullTiltPoker.exe Report Id: dd661ec8-117e-11e0-9726-00030d000001

[ Media Center Events ]
Error - 12/25/2010 3:53:03 PM | Computer Name = Jon-PC | Source = MCUpdate | ID = 0
Description = 1:53:03 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 12/25/2010 3:53:45 PM | Computer Name = Jon-PC | Source = MCUpdate | ID = 0
Description = 1:53:45 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 12/22/2010 9:48:46 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 12/24/2010 1:19:34 PM | Computer Name = Jon-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 12/26/2010 10:18:48 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2010 10:18:48 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 12/26/2010 10:18:49 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2010 10:18:49 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 12/26/2010 10:18:50 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2010 10:18:50 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 12/26/2010 10:18:50 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/26/2010 10:18:50 PM | Computer Name = Jon-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.


< End of report >



Edited by boopme, 27 December 2010 - 08:00 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:13 AM

Posted 03 January 2011 - 12:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 06 January 2011 - 06:32 AM

Hello

Three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 08 January 2011 - 11:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



